Solved

My system is infected with a virus and I can't seem to clean it up.

Posted on 2007-03-20
Last Modified: 2013-12-28
One of my NT 4.0 Servers is infected with the w32.spybot.ALRD virus and I can't delete or quarantine it. I have run the latest updates and even tried removing it manually from the registry, but I have had no luck. Any ideas on what I can do to clean this up?
Question by:frankbustos
9 Comments
 
LVL 6

Expert Comment

by:bgbeer
ID: 18761243
The first thing you need to do is find a BartPE, ERD Commander or Linux bootable CD,
something that will give you access to the hard drive while keeping it inactive so that you can remove the virus.
0
 
LVL 6

Accepted Solution

by:
bgbeer earned 500 total points
ID: 18761273
Let me back up a minute!
The first thing I would do is unplug this server from the network, because it is a network-aware worm that can and will spread to all other computers on the network.

After that you need to pull the RAM and the CMOS battery and let it sit for 10 minutes or so to empty all memory.
At that point find yourself a bootable CD that will keep your hard drive inactive while working with it.
0
 
LVL 6

Expert Comment

by:bgbeer
ID: 18761309
The other thing that more than likely will need to be done is to reinstall.
0
 

Author Comment

by:frankbustos
ID: 18761414
Hi bgbeer,
   OK, I will get it off the network, then boot it with the ERD Commander CD and see if I can delete the virus that way. I will let you know the results tomorrow as I'm off work for the rest of the evening.
0
 
LVL 6

Expert Comment

by:bgbeer
ID: 18761431
Frank, after booting to ERD Commander the first thing I would do is to check for running processes.

With ERD Commander you will have restore points; I would use them.
0
 

Author Comment

by:frankbustos
ID: 18761518
bgbeer,

  Sounds good, I will do that.
Thanks.
0
 
LVL 6

Expert Comment

by:bgbeer
ID: 18761547
no problem

good luck
0
 

Author Comment

by:frankbustos
ID: 18773188
Thanks bgbeer, I was able to clean out the system and get it back to normal.
0
 
LVL 6

Expert Comment

by:bgbeer
ID: 18777240
glad I could help
0


Question has a verified solution.
